At its most basic level, Cloud Computing allows users to obtain computing capabilities through the internet, regardless of their physical location. Computing clouds are in essence online huge datacentres containing thousands of servers hosting web applications. Cloud services from infrastructure to complete business processes can be purchased through web interfaces and turned on and off as they are needed.

Most Business and IT senior executives are aware of the benefits that cloud computing can bring – capital light, lower run costs, agility and faster time to market – all enabled by flexible access to applications and processing power on a pay-per-use basis.

Red Flag 1 – The discretionary (Variable) and non-discretionary (Fixed – Keep The Lights On) cost management pressure that business place on IT will increase to become the new normal. In addition use of an IT resource no longer depends on having the capital to own it. The business is able to source, scale and deliver compute capacity unbound of physical location or labour thanks to the cloud.

Red Flag 2 – Business Units are already choosing third party cloud vendors and bypassing the in-house IT function, which they find to be too slow, bureaucratic and difficult to work with. While IT remains cautious, business users have fully embraced Cloud based services. Cloud usage in the enterprise today is widespread and uncontrolled, with security and audit implications.

It is important to revisit the IT Strategy to incorporate the cloud and the new services it will enable. With this in mind what guidance is available to help formulate the strategy? The most common frameworks are ITIL, ISO 38500 and COBIT 5.

ITIL 2011 Edition – Service Strategy

“Strategy Management for IT services (page 136) is intended for managing the strategy of a service provider: it will include a specification of the types of service it will deliver, the customers of those services and the overall business outcomes to be achieved when the service provider executes the strategy.”

“Strategy Management ensures that all stakeholders are represented in deciding the appropriate direction of the organisation and that they all agree on its objectives and the means whereby resources, capabilities and investments are prioritized.”

“The basic principle of the cloud is that whatever IT service or utility a customer needs can be provided directly using the internet (or intranet) on a pay-per-use basis. Customers do not see, nor do they care, how the services are created and delivered.”

ISO/IEC 38500 Corporate governance of information technology

“The objective of ISO 38500 is to provide a structure of principles for directors (including owners, board members, directors, partners and senior executives) to use when evaluating, directing and monitoring the use of IT in their organizations.

Directors should govern IT through three main tasks:

1. Evaluate the current and future use of IT.

2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives.

3. Monitor conformance to policies and performance against the plans”.

COBIT 5

COBIT 5 introduces a Governance Domain which has 5 EDM processes as described in my previous post.

In summary the guidance (What) provided by these three frameworks will help design and establish a robust governance framework; however there is limited (How) detail around the specific approach to take for Cloud enabled services.

Formulating a Cloud Computing Strategy

So let’s explore five key decisions that will need to be addressed in order to formulate a cloud computing strategy:

Do we continue to build out our own computing infrastructure?

IT must determine if the computing infrastructure is expensive and too inflexible because a highly virtualised and well managed infrastructure saves money. Some legacy applications will remain core and do not lend themselves to a cloud strategy (e.g. SWIFT transactions) however applications approaching end of life should migrate to avoid further investment.

Which parts of the Business do we move to the cloud?

IT should consider the cloud for new applications or business processes as requirements evolve. The cloud can significantly reduce time to market when rolling out new functionality and processes.

What type of cloud deployment do we use?

Public Cloud: scalable bandwidth shared with multiple tenants.

Private Clouds : applications and services deployed through the cloud but within the confines of the organisations on premise data centre or off premise (TelCos building private clouds for customers)

Hybrid Clouds: Mixing Public and Private Clouds is the preferred solution for the business because it provides the best balance of flexibility and risk management.

How must our governance framework evolve?

IT must retain control over which services are offered and managed and business units will have a say in getting the technology they need.

How do we protect sensitive customer information?

New measures will be required to help ensure that while data can be accessed anywhere and anytime, businesses do not breach data protection laws.

Cloud Computing – Not If but When

What are the actions needed to create the cloud enabled business?

IT must partner closely with business customers across the enterprise to understand and meet their needs in a responsive and cost effective way, while also helping to manage and integrate private, hybrid and public cloud based services alongside existing core business applications and technology.

Appoint a Cloud Leadership Team to drive change across the organisation in a co-ordinated effort that is led by Business and IT champions who aggressively push communications. The team should develop a position on how the cloud will impact the business – create new opportunities, new channels to market and new competitive threats – and how the technology can accelerate existing needs. The Cloud Leadership Team will need to specify which changes are going to have the most profound impact and prioritise these initiatives based on business benefit, difficulty of migration and any required investment spend.

IT must develop and implement a roadmap to replatform or replace existing business applications over time and then to build new applications using cloud based platforms.

As IT implements its new cloud strategy the IT function has a great opportunity to transform its role and establish itself as the business’s supplier of choice.

IT will require new skills and capabilities, for example hybrid managers who are close enough to the business to fully understand their issues and how cloud computing can respond to meet their needs quickly and cost-effectively. These hybrid managers will manage all the current and future cloud vendors and integrate cloud services on behalf of the business.

IT will act as the key service interface between the business units and the various suppliers. Ensuring seamless data integration between cloud and non-cloud services is a critical element of IT’s new role.

IT will need to assess and mitigate the risk of “lock-in”. With Infrastructure as a Service (IaaS) cloud makes it easier to migrate relatively smoothly to another provider. But with Software as a Service (SaaS) data is stored on the supllier’s servers making it difficult to disentangle.

As companies start shifting computing tasks to outside providers in the cloud, intermediaries have emerged to help them do it.

Cloud Service Brokerage

“A successful cloud computing strategy often involves customizing services from one or more vendors. One way to do this is through an intermediary service provider: a Cloud Services Brokerage. A CSB can make it easier to consume and maintain cloud services, while reducing the cost and risk encountered when an enterprise tries to address these issues alone.” Gartner

If you want to consume SaaS, access an Information store or other services then the Cloud Service Broker provides a single interface and can also offer managed services, professionbal services or Business Process Outsourcing.

The Cloud Service Broker sits between public cloud services and the customer taking the commodity like cloud services and customising them to be more specific to the customer. CSB also allows the business to extend their control over their applications and data into the cloud.

The Cloud Service Broker adds value when it is aggregating multiple services.

A recent Gartner report outlined three categories of cloud brokers that will enhance cloud services:

Cloud Service Intermediation: An intermediation broker provides value added services on top of existing cloud platforms, such as identity or access management capabilities.

Aggregation: An aggregation broker provides the “glue” to bring together multiple services and ensure the interoperability and security of data between systems.

Cloud Service Arbitrage: A cloud service arbitrage provides flexibility and “opportunistic choices” by offering multiple similar services to select from.